The Cornersea Shire Council's IT manager, Lex Georghiu has accepted your report on the initial risk assessment. It was tabled to the leadership team, and after much deliberation a reasonable budget was approved to improve the council's security posture.
You have been assigned to the Shire of Cornersea to carry out an extensive risk assessment on the council's information management practices and on its information assets
Your task is to produce a 2500 word business report addressing the above requirements.
Project: Risk Management Plan (Group)
For this part of the assigned project, your team must first create the risk management plan.
To do so, you must:
1. Develop and provide an introduction to the plan by explaining its purpose and importance. Hint: Clearly and concisely assesses Cornersea's strategic context and proposes an appropriate risk appetite and risk tolerance for the company
2. Create an outline for the completed risk management plan.
3. Define the scope and boundaries of the plan.
4. Develop a proposed schedule for the risk management planning process.
Project: Risk Assessment Plan (Individual)
After creating this risk management plan, the second part of the assigned project requires you (individual) to create the risk assessment (RA) plan. To do so, you must:
5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk assessment.
6. Develop a proposed schedule for the RA process.
7. Carefully audit the case, undertake an inventory and identify information assets that includes both, Corneasea's most significant business information, and the information systems that must be accounted for in any approach to risk management.
8. Identify and provide an analysis of the threats and vulnerabilities that pose the greatest risks to Cornersea's most important information assets (information and systems).
9. Present a likelihood and impact analyses for the most significant risks you have identified.
10. Prioritize the most significant risks for Cornersea and provides details in a risk assessment table.
Following the completion of the risk assessment report, CORNERSEA will evaluate the next steps for your consultancy.
The risk assessment needs to be conducted in accordance with best practice and should apply (one, or a hybrid combination of) the leading standards, guidelines or frameworks pertaining to IS risk and security management. Your report must articulate clearly which standards/guidelines it has followed and how they have been used.
The following should be included with your risk assessment report
A completed assignment cover sheet (available from Blackboard prior to submission),
Relevant appendices for the report (should be used as you deem appropriate), A report reference list that applies the Harvard style guide (in text citation is an expectation for this report),
A record of tasks allocated to group members for the assignment and a brief record (minutes) of the meetings held by the group.
Please note: The assessment criteria for this report focuses on your analysis and explanation of the risk assessment you undertake. While all appendices, tables and diagrams used in the report will contribute to your assessment, they do not be count towards the word limit for the assignment.
However, all diagrams and tables in the report and any appendix added to the report must be relevant, significant and well supported (through written description) in order to count favorably towards your assessment.
Appendices, diagrams or tables that have been used simply to extend the allowable length of the assignment will not be assessed.
Attachment:- Case Study.rar